51186825dc2b165fba8258eff52cfd9e771065bdbd2341c02d935d5bf6e8932f

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-10_88074d0b2455688da79d7a23b7d14ee6_avoslocker.exe
Size

1.3MB
MD5

88074d0b2455688da79d7a23b7d14ee6
SHA1

e3b825eda9bc0fb0bd11099daeedf5a0e4ef7dbc
SHA256

51186825dc2b165fba8258eff52cfd9e771065bdbd2341c02d935d5bf6e8932f
SHA512

8be57b228b378b6b28acccb9c646496e52bfa4dcf9f2a255e198d008d11f0cd9dd3f9ff29f64a4b53d79e669bd1c843df6ae24cae4907c057bf5ac57296b5be6
SSDEEP

24576:92zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbgedaSkQ/7Gb8NLEbeZ:9PtjtQiIhUyQd1SkFdzkQ/qoLEw

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
4792	alg.exe
3772	elevation_service.exe
2240	elevation_service.exe
2068	maintenanceservice.exe
852	OSE.EXE
3012	DiagnosticsHub.StandardCollector.Service.exe
2816	fxssvc.exe
3396	msdtc.exe
3064	PerceptionSimulationService.exe
4128	perfhost.exe
4152	locator.exe
4780	SensorDataService.exe
2184	snmptrap.exe
3532	spectrum.exe
1836	ssh-agent.exe
780	TieringEngineService.exe
3580	AgentService.exe
3476	vds.exe
2532	vssvc.exe
1020	wbengine.exe
2292	WmiApSrv.exe
4512	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-07-10_88074d0b2455688da79d7a23b7d14ee6_avoslocker.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\5e8cf1c86c5b9070.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	elevation_service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-194 = "Microsoft Excel Add-In"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000002e1cedf2d2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-4 = "Microsoft Simplified Chinese to Traditional Chinese Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\searchfolder.dll,-9023 = "Saved Search"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006b6655edf2d2da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\msinfo32.exe,-10001 = "System Information File"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c695a2ecf2d2da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ef81cdecf2d2da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000086ccfaecf2d2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\setupapi.dll,-2000 = "Setup Information"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000528a9aedf2d2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video"	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3772	elevation_service.exe
3772	elevation_service.exe
3772	elevation_service.exe
3772	elevation_service.exe
3772	elevation_service.exe
3772	elevation_service.exe
3772	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1104	2024-07-10_88074d0b2455688da79d7a23b7d14ee6_avoslocker.exe
Token: SeDebugPrivilege	4792	alg.exe
Token: SeDebugPrivilege	4792	alg.exe
Token: SeDebugPrivilege	4792	alg.exe
Token: SeTakeOwnershipPrivilege	3772	elevation_service.exe
Token: SeAuditPrivilege	2816	fxssvc.exe
Token: SeRestorePrivilege	780	TieringEngineService.exe
Token: SeManageVolumePrivilege	780	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3580	AgentService.exe
Token: SeBackupPrivilege	2532	vssvc.exe
Token: SeRestorePrivilege	2532	vssvc.exe
Token: SeAuditPrivilege	2532	vssvc.exe
Token: SeBackupPrivilege	1020	wbengine.exe
Token: SeRestorePrivilege	1020	wbengine.exe
Token: SeSecurityPrivilege	1020	wbengine.exe
Token: 33	4512	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4512	SearchIndexer.exe
Token: SeDebugPrivilege	3772	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 976	4512	SearchIndexer.exe	116
PID 4512 wrote to memory of 976	4512	SearchIndexer.exe	116
PID 4512 wrote to memory of 3800	4512	SearchIndexer.exe	117
PID 4512 wrote to memory of 3800	4512	SearchIndexer.exe	117

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-07-10_88074d0b2455688da79d7a23b7d14ee6_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-10_88074d0b2455688da79d7a23b7d14ee6_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1104

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4792

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2240

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2068

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:852

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:3012

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1132

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2816

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3396

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3064

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4128

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4152

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4780

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2184

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3532

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:408

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:780

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3580

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3476

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2532

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1020

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:2292

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:976
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
1cfc2afdd6f4ad348f0dabe7b90c89ff

SHA1
578873f9d0ed7ef43849895ca492771467afe80c

SHA256
6889f5bb5f026770c4576a30405a3ed578644bbdfbc206f87e3a484b27e58507

SHA512
48a87cb8b0582f2f6905b19e457a8256f40700a6e13f0b8a58a16a9d0d0bb3461b77f5a02762335a6fb6a2db911f48bd51e9e9084b5c48f3e2c002249e2c58b8

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
ba12b306970e59a80cf6f2e1b994c7bc

SHA1
a1879d142d69290d080b76eb1d2d8adb1bfbc098

SHA256
3d57a7f85db885220ba7b41cc7187607ef427dbcb0e344fdc6393b5c2c7d4e87

SHA512
89fee67a8af2d500834177d85f3868d153d5eb1d9351151ba37b7f028b556711486b208bd5e965b5230bbaa5c9454588b252e37210855e6270cd084b64c38556

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
4395c084261416b38f2bc7342cb281bb

SHA1
49522eac48d78b9dc8dd4beb1a84c47538af58ef

SHA256
fa4fd70ef465a5a806215b6cb06267d0cd523f333736fc8efcd5f936639a7a06

SHA512
502a3c3b532ba8716f13e975c059346956036419eb17ba291f426a2ab936178b508fc6282f070a6e8a1f3dd3f97a2ec6cfa5c7052e4c0804a406be2d8c6eb319

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
f0fd098f128345b9d653c722b8365c41

SHA1
83446d149e6dd259749af87adcb15eb548b4f609

SHA256
26730935eb8c335dc2b5ff4568dadbab539f26eb41a07df1a8c6f5fae7a3030f

SHA512
efe2a57ee052162b5b5bedb914249106767efee12ebfa132f794e2a41e97c951d5c527273c13b806201b2d536b99584e59faf30dbad18f13316cd02a4a5c4748

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
cc9845f0064b2d19336df7057211581d

SHA1
a6c88ef593d514309aa7c65e274c17cdad97c352

SHA256
73da17a15bf14b8daf23e65cbdae7aba013ea1e472a4678b1e351ed620329283

SHA512
7b19caca70f46d20c53138fc3b3e7417e90c76fab44327e0bc6d734089325b7293f8e02d7259a068c9a4ecf916364300dd7f073aa2c354a8b027ed224b663eec

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
96e9cddf33e99486e49b0aac12faa665

SHA1
324288cf0f5b2494feb15e3b6f1a2438e3d346d7

SHA256
1dae2f4311946159c3accf1a03fb3584495f41596c6545243fedfba6c6a6b4f8

SHA512
9b23cd75bed1aa264845ef42beae21cbae53aca28a6ed66ce03920c9b110b256213df6ba74473f27cd59ac79938dcf92341cb03e9e7a80878a373600b3779352

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
f3bcc2f84dbe0fe20a6b5eb7b6d063bc

SHA1
3d2ae90db351eeafc05d8b251dd9d86cb31d793d

SHA256
a06976e5a255d28633275be710197b181fd5a8a44b3852282327a8e0d2225004

SHA512
bc59db570e30670d1b1ae1b91ca6270a866963dbcab3515ab44bd0e9b57e01d06a6c61cc89c906437ba5ee46c4fae3724fd30682bd2e80eca99be11e69bad013

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
3491c37a2977e4e34c5ee1c48b147eee

SHA1
c0a9635742835c4e2b14bf7a611c87d8f93f266f

SHA256
c23ba4d4ee862ce51efa75995566f2df7db111c28abc2feb25948f01f408b5c1

SHA512
2ee3ce281d54034143a723019ede152ffef339aa1a3d7e5819d1184121811a5267aa8ded7825bf60257e7b17c54a18ee9aef3b00a130e1d95cc784ad6ef79a68

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
55a3608123fc17708e3624ee5c2b2bae

SHA1
0a596ef0bd6ed9de8ee14e6c7ff24338303c31e0

SHA256
26866f0e4607674a7bbcb5e5d80ae99e982c4af9a497c960f64a358a85c32b7a

SHA512
7dc8c8b45f725d63d79b668ecb2247f8766b63dfe4c9c441d6a72c7af2c0763b8a4c799691db554222faa65c794c4f8adc9adc80f5f3e7bd3a6c0d65ae862b02

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
378abb0b4c3c0c71676053657d7b0683

SHA1
7b629d202f8c5789e933cca5cce5d7f3d2a22b31

SHA256
0f79a904dc824e7561a2f83787ee84b6cd761c1fb66bd2351a984358f1c9e066

SHA512
b93333c1a6548a2fddd52e3a5034ae035dbb78bf4c71ca9f8626e562727b175c1a18a5a3d7cb23ff50e45f35503da8676d71ef6b6d99113e421b438228045d4c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
40006d84b17ff2f5d44fdc0300ce8266

SHA1
754081ff8154fece244179448a2b1385855cd442

SHA256
84283f42abc50e35d83e5e1bcb33a6613449cef6362765514546a91ddd322047

SHA512
3ee3fd280b621f10e6a3d90062f1e69833751a610ba040b2ebb49fe507330293fb13bd92fd42d52160c7bdac713dad11ca2f23fb32e68c38c537c57be71b097c

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
289e45eba05afb1414c2c1c153bf110e

SHA1
c5132ea5050c28b85fab89dbbd4fd7a68d21cfa2

SHA256
3e23ebcf18cda8ce0805556f1ac84316ef37bab617e611ed4b1bcd0aeaa9388a

SHA512
4a02359645473b602ff24a50c181f68fe0534cba76ec1b8e6724ee207d7735885e844c2566c56cd03a0d16986438c4cf86c51c216ddc70d7469c3fae11409e58

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
943acd68b29261103d72fddffcaeeff6

SHA1
8dcab86d8a1aad8fbf0722524bab2e1c25bc7b3b

SHA256
cdbd7b6f25c0f0b8e949589fe4bf55c3707460a74e5465a2184b6fcd5d3a0ecb

SHA512
2bfd48cb02fc96558ce22e0424343ff7b083aec355318c48549cbf0a78f391ac304b648219805f304fea0207ead0633f3737f2309ffbf1154142e767a413520e

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.2MB

MD5
ce3f7c2e6f5f4bcb8492303c92138b07

SHA1
930ecbb907b52421d0344fd2b753681b1151e3f5

SHA256
5efcb40653853c92d250301e9579d435ae8c6ae76412d17c619121adfdaa6337

SHA512
9564e379d30ae20106f6a1c168b2032e09893e7c987fffd699925a8e51cc88ea22642ec1c007998de948a5181d0aeea9f24dfbc06f78288421f4e523981c8dc2

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe

Filesize
4.6MB

MD5
8cdfa8cec9f7c7096245380ec38eff4b

SHA1
7463869cf569447697ed50da9b2178017ad62fa0

SHA256
ce2d9c35e91b92da68003d3cbe4b6b007a6a758b8709d757db0644f02e38724c

SHA512
27074ff4ca1747b0ed1485228d305b4f275c0f5bdbd3c588eaf404ba121959d41d4850b4bd5d6af6bde8ba05ca9f5af5bc836a74a1e60123b4af3c97968faf53

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

Filesize
4.6MB

MD5
86a8f3198e63c342e1520399af04cc57

SHA1
964b7310706e114e42e6718fc3b21672d5c05b97

SHA256
9bc1b6a1603df50c8fb6d8f15dedc0799f489d91fcf52f28e5474642ca40efa5

SHA512
21acc0f3881cb2f836e0d8976ba3832a14489703a64f54a7d1997ef84fc7e3f4fd94c9eb5c939b6bffb47547adec64dc3ce731722ba158e2a813130ddba01c73

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe

Filesize
1.9MB

MD5
855e2593e4ec051fb48416608b03c8f9

SHA1
2b84619e0841f2d5dcad165eb748f577b3be230b

SHA256
91e14ac97fff0b5894de90f81a3026bdb99472724f643ffef48e8001e0fed684

SHA512
3a0254fd491eac805401ad356cc9267383d08864c70b51e6638c20fe012ee69dd374543809c1cea0d154e99cefb5b170be517d12cfd4a8c2df699b2368f91446

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

Filesize
2.1MB

MD5
9e75ac1a963c86919949ed7d3abae09a

SHA1
09ab1a1001b6c772dd3ecf4d6e0eecc2afa389ab

SHA256
2e596c00152c1b561137b6ca6d6684837f2608c9aa11a8243d0e2aa1d6f73306

SHA512
c08b64a4b5c94bdf56832dc41d204c3b90e7086609aece84b8181f4438f1613a20af50902adab44b2f9770ad018d5b3acbb1ed45341abf9591b936598c603102

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe

Filesize
1.8MB

MD5
e4a57a5ed86c930035f22bf0555562b0

SHA1
4ee7325c807114e4bd198c0767a03bd62be9658a

SHA256
c1d953578014416e87dabef9ea7978e3606f3796b26f94d26c0b2855ab0ec113

SHA512
94a196b36f9a0e32109e01e19a925505a24be7948ccde4325607e505ec4943f04167d9230774cedbfc2395f2985ce0207191519338f0a1b0ed66cf5ea1f09999

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.6MB

MD5
1d07efeab5708bebe282135f1befae21

SHA1
23a905b7224e0a02040e4a02a9996ca6f2113b55

SHA256
1bbf374cc2f3331e3e1a48075cd7588e1329fa393fff8468053ad68a0d2dc07c

SHA512
292386cf25a8b7bb1341f07289d7bb4bddcf77b4a10ef4dfaff8a3ee9fe24e989045b5142f0d0740b4417461147e736fc1e2cac2f225112a04845c8f3b3c2c16

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
4c371b1be6a272d0bc0767fbf44b7877

SHA1
d39ce9b290b3d966a00aac288b3e73b9ee1a5d78

SHA256
95d4e770352ef4ddc1e4deac01e5d4a555222dba3c10efd2135739bfefe4bd3a

SHA512
b7e22fb89e82cef144a072cf74c402d94ff9bcd27fba853114327ed1325a011528fd8e533e4703e4760cf426dbb791d5394ec067067ca31bb09023923ccf4856

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
5493679cb222c82573d51ae8f6584a14

SHA1
94fe38990697f94a1341cf3cf741fa3934d1ac81

SHA256
4d0bd25ba10398050b66f16c9fbfc5a87e83e3a3f5157fbd1df3003541b30b54

SHA512
88b7410985da7d34627182ee7d4042fc58c1f92532711de6bfae3f7aca5b7891404ee0c65faa47371b2a5d6efebf8399d17a8b82d05328b8c603a2525428bb2f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
c150bb01c5bc1e38834b0514694340f0

SHA1
d0d2ebb6310a0a56e6f1888aafd28b7d815334a8

SHA256
3b658a96f250fa74b35b9ca08dc3415ce98d9dd38538cdb0b7ef6729afd1afb6

SHA512
3683cad3b5ce65de69e751d2acf2b8870ba53beb21dea5ff98585ccc40afa5ded65ce9da8a8275dea4eb9671403daf295f2f4a364c49779d77907b0ca1fab48a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
4605126d2e760e2bff1408e4c90effe1

SHA1
95681c6eaf540f5fe04d0b0057f28de6503bbd72

SHA256
bdd1d1901920ab35961a2f06db8037d8762da9cec02f100b85018a7ff60279b8

SHA512
fdc194851a8899745b2b1429c1810e2a7bcb21e155eccea3a2f0bdcd7355f865fe80737132b2ce36783d0f361dbae67b777dd690387e765038c1868075811c91

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
6ca4acccaf2e53a4727ce7c0659d3eaa

SHA1
4a6897c4c516481c5edb748f30d46ead247afc58

SHA256
f46e8940c5cdfb9326614ec6eed11954903520203277c889fe8adc6bd8453f0e

SHA512
7ceba35dafb6bb50dce402349c171aa6449d223f6352d1a36b2f673b49464c2981b5dc188abde631920b6c367eb3b615a06580f4271ec43684f427bce68ceeb4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
82c1bcdc903dc2578f2fba9da4088073

SHA1
bfb8e3a66d73803d28d0bcefc474ded6bb3f709d

SHA256
c18c1ce5bbbf6c1b66ac676024501bcf13cfbbc909281726d10936af9dacd40f

SHA512
7b9a6621d5ec1ab7bd549a9a8e9a70dfea7ad76c0dbed3491781651a7ff8583b31ba4a4791cd0c20354d334301566e78e8bd48a381ec773bbb480398c583082a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
66d279dc633c8088681fc2d4f00287eb

SHA1
4935d414809ff6f6ad4bc5cca164bfccb88592a6

SHA256
16ee5f601b8777da8c7211e83096ab07f871d113acf53d1e0d077eb54b70c682

SHA512
f9f826458c6d8e253359b3cc449a5bace0e84ec269f1e63b600ae1d90eb75088698f61b6bd7ff1ba8b97a137fdb66e50c913fd6e8f31d9a35af700079693294a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
5ace826dc28cacac827d5bf3e03a6b50

SHA1
d98e390567394cb956ca7763d25afd7f6076c186

SHA256
1d9e5dcdf7d63b907abae822a0a37d98e4c396871a39f0cf3b622deeeb534d3b

SHA512
d2f6adfaaf5e87d7ef4068bd228e541b367a31a9beb3a585c7c1aceffc263b33473777d6afbaa46462af4812f949318061f80eed57c968137fb163a76680dd17

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
751021a0fc9bf294cfe982121b6cb55a

SHA1
111cdd79c451c8b170feac9cc94f6f884bce594e

SHA256
c9e85ee152fceb1778ccc03c456b5e7e98509ed14a9df53cc1034c8e0b61ec08

SHA512
cbdfb37d074d08389eb6b3d2dd69fddbe442b68c758d63dfa7da545284a6e8c3b1335c4774c18b8c2205183d1657ce8dfe715177add82863e03f99bc6e5d2037

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
ade27b1169ca06d5e375238c1cfe05d8

SHA1
cc715f6985f582d328d21b48a4187c8e1c1e148a

SHA256
7ebf62d6676b8bb5c0435a5069ba62175dabf0b7bb4a1a85ff9f90ed44c6fe41

SHA512
56efc1b29fec5d33b87a565febf1b960c2dcb82b8fe1e0352cc2d6b1bde4908c5a85d7a014ae894016bab3c385352bb99f9694cd7fd4d704367949b1b10af11a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
7689b85da4ada5299e169fa399bba0b6

SHA1
7aad8d9992fab41846e7b48f6af00fc274f294fb

SHA256
b9c98af4f09ceb8a8be99bea37e13c7caca336b80082114f7c87ecba4e01d31f

SHA512
d3d79e91b129f2c868dba684e9bd5bf8186034c46ded7fc0a55a8073e5fd11db0550149a5b1c78d517368ba4252e4db79a803bf09c64b1d5310b393943c9d945

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
79da8ce52a52bb47c1c6ca6d18238e97

SHA1
98d4b86ebdf6a87ca8f650dd4427835da4d1f9fa

SHA256
f395a7eef9ce6881c682cbaa5a9a7f5a0e3389a3e89ac0207cf14c32f007a359

SHA512
c12febb5d0cb56df8d6564fb86daa3f3f8d05f1c505e7648a1634c73de1de80d4a7536c01daf352abf25472a772ead344f9241d33b95ff0de75137ed6b93b9a3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
c5fed5ecb2b352239d3d89d706b44aeb

SHA1
afc0a839f50114a16984a1a6c6c2de0f064275c4

SHA256
87d1d87afbf2ebb602cdc1cdf980edab626715b70126930d360eb6ab4969f812

SHA512
3944ec8aaf15e5f7476cedf6563a28179fec35914c4ade78d15999b57520028d85ee73f22cf619c88ca2b8c4d7fdc1041c6655f7f16a3737172ce8c3a791bc45

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
5c0ba33e34c2805885f3576a0bb10a8a

SHA1
533ea60a4153aea9e238fd6a711b75cee909248a

SHA256
36e4e09080e1322850727fdc288d8991da4f70caf28a1be8a524670f69c85c47

SHA512
8f3e41c3789e8aaca19febe9ecb51ba4c5b5f084b32c453c8da32ed42b7a73b16eceb00905c9549835809265832b362298ecf833f4806e56f28035245de2719c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
b07ce6c15428394d172a92c46ccc12d9

SHA1
32b487735e26df799caba03c94718366fd4cdb87

SHA256
51ccd32010a02815a40c1fc436d0f7786a05a4ec1105cc5ac6a3776a050a90c7

SHA512
2f9da84682ef8dcbf98bc6dc872464ffe0517d0334d36005f0dec227b1a78edac07f522779ac2fbd07fc569c70ddbcd74bda7135d91bd456f9b78e14ed119665

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
1ed6a3c5aca993c36d298141080d93fa

SHA1
e546c524a887c894c002f0c20d9534cdb3a6eddf

SHA256
dc48dffd518214e54accb4c18adb7925a4d36ed918290f0dde45b17e5df4b458

SHA512
cd366ede80a9c1eec97c89e793ece0016efb153a8fd04f6f1f876ce398d65b36bf52c9fd346f649a333a0dfaeb9123c9a2ca4fe6f241a08022977d0b55cb4b03

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
205c2ce5b03a08fa866546e14a6d0a0e

SHA1
4790142ff09ce5b959a9bab7a4d4b00f35ce7499

SHA256
2253086a5bea7bf00874ac7835acb4440b7f5803ce473be1580659eac005c6e5

SHA512
1156d4fadb192e45bc7feda1899253ba30980f429b5fd44463c22499aa514025fcf2e55fe2678e73fcf75637ab83e6dfb7363bb5260e3c5ec49a58d33fadb887

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
d328aa9e21d84c1ea9bc34759713681b

SHA1
d7df880d01df8b86ae1b3b5ce85de74e8965ff87

SHA256
87f79db864fb231e9fe9022da2fc3110c77baff4276eebba1687bbe08d954a5b

SHA512
e65468c0f1645ef444b74724ce636e4f2033ce41e0f99e18cb9851824fe9c91763308118f4d0bef5be1b359758c3da8880e32fd7c0ab77559beec3b8c0378519

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
a29bc58cad1eebf2cd2c483fc0449eda

SHA1
534314a60248b5b2084dabc2012b6de764e433c4

SHA256
885f094f2b910362a064a6aa6112fa6d2b1f6d3fc89412dd53ca8b87f92e72b4

SHA512
95e9d85744f7c11af526e42d07198017c82cdfd4c3e822a730d33ce2001697df82543ae03f91b042bba9673b70abb282eaf9f27647442e98bd6c731ca3cdf21f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
8012e8d142cb3e716fe98969345c4ed2

SHA1
707f92af39f5f4a681bf7173d1f46e2c18bb351e

SHA256
6db8ef3edbc18b29c6985e4a8df888a662737ebc81fa464f1cf33956fa1037db

SHA512
02a96af472ed53e762905df14e5ddcf935845216dc16a46d7523051476234d1edd1ad80209334a0bb57a8de032b9c09607d9bf1bee10b7d6af580675dde038e0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
6001c6dff9ec4477ffec30973d3dcedf

SHA1
d3095c94a43fa00e7f14e17839d0d3bd4af69ded

SHA256
745648c01c3bd1669ed5f14d8c57c5378e81afff89334436be9b3b061fb7a1f5

SHA512
115f6164b97804d147278c12c3cdaf875fe264251a4f8a42e0257ae5a9492b0b4a5d51bd6feb825cdeda0f5abc2d01ab5de7863c964b9918bb0a3f54bb0954a1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
ddc068d546b9c89ceafda1ea72350185

SHA1
dee3ef519417954fba4ad7136d2002b594e96891

SHA256
a70b0b3e492efdc1e67544e24cdbf5d2a4b5b6de2c532f6b826de2b9cb85d426

SHA512
3e7174216af2a37f65256fe84f755161e79643ca58b2d6760ebc99ff2a6e84955c45294dfd8ce1ac66c41855ab5589b11baa84dffd786e6883e9739555006d5e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
106cc1fbd7dd1fde6df252c15cc465c4

SHA1
8d29777298711c27dc126774839216c520cfba8a

SHA256
7c3179450392496b315e9785357fdfbe2b7566f50c70f1cbd645098d93e8c261

SHA512
8b07b826e14087228cd7a57157834097d4d6a1beab067953f02fe62ad712bb743487178e3d6f81e34b3f1ab2f2e77be6772f963f354b1bbe76a7c95b4e2e21d5

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
d8bb4136d135acf09b5abce144bd254c

SHA1
21b2d1b8ea4a457d2f3f6d93b93c938c35884f42

SHA256
5a0da3a44454cd4ca322040cbf36cd71b4c51ccc62c134b7592cbff51196cc21

SHA512
ac5174bf1fe10993198362f2eb9a558f98e1de8ced99fb6a8550e07c9ac1a8f31b79d805b7a625ac6e554994704da3164b3d524c0c40700cc2b10e908810a1ce

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
33329d0772baa7be99065bdf319e09be

SHA1
6fde1610066cb47d789e2117bef6f137c9b8f2af

SHA256
8eee62a797802766df38691df6d40d3d4ece22f9d3d0d86ef02850fb31644752

SHA512
a65a7caa799febe26dada3184a897ee86024e78dda4a64b81fcb3c79c83364f316be4ff643293ba7b11508fc8ef910d1790f197ad387f72f3e89fb63a4b9e869

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
67f784b43b6e250cf7deb207161345e9

SHA1
3b60ee17952265d03a3b2d74c3a24f7f461cf185

SHA256
b459eb8199656c9794bfca82a69d6d33ddcc301ad1a6a4e0cf155b05c3ab48fe

SHA512
9bb29752e919d2f649ebf3ef11605f4c4e6d42df602f4d6831fe5b1c1dca665ead3673c67bcafaa7423b2fa3053ac082ca6a5e890c9a7f9fd3dec8953bc984c4

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.2MB

MD5
a74d47e0a2aeedc01304275c2922d416

SHA1
a4debaed32623a0eb7f056bb48eb345cdef17a9c

SHA256
bc9fa4937ad7727e54a0c0f581c30cdb7c2f8dc3d97e762d21209b6ea5ee7d3b

SHA512
36ad2714a9fcae07c482b465fd44abbc5c98ba7945b229fee53e15292538fe50e97ae5b96feb0f02ec5c543b698745ccc48abddfab6b0a627c15ace8b00fd7a1

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
28546d29beaa7026d5257a80290b28b6

SHA1
620c815779e0083c20d44047b02b3e61c236a407

SHA256
4ebe7e2a49dd54adf2c33d3c48480d5f1ed47008a329eb47f0f6387507711e2b

SHA512
979e11cd66a3621ab83c4f1652bd96c3d95a60324efc65d4d49619203eeb220c0e94de587e5aa52cc3f36844a0ad55c4bb466b5aad5b8c564efcd38ae87a061a

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
6d9bcad1db652af4f945e64360641ffd

SHA1
d312f5df9ea01b0b153d84b095d04e6e762b5b98

SHA256
41e0a7d89bf77f8e6509142da61242362f12c60345d4b09de7d0246c8cb19813

SHA512
d48d51369ed2e20fa4738fa9b96f481ab70f80b502be06dc0e54bb29bf7a338f5155685b1d7f5dd0fd4fe723a5d5496481f7103277b5752bf9e9fa2fd4ef9d6c

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
5425902c9d5cd483575661c18aa0e88d

SHA1
710b8e59586e332df33c4672eaf5922394662100

SHA256
3f5c337f0629c76dc43cb7a6bb44e9c0e4e2739870a5bad0c5e1af168ee98d85

SHA512
d226840a5e6a21b4e0bd711652877e015b9ee76f136386b6556e9852161e9add518cbe620e6d6fc36c7a117b039da0dd1054c702768afa34c43a1c9236f3e761

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.2MB

MD5
2bf7c6e2327f4efb43e1f270752ed5ff

SHA1
168f691752ed470ea38be582f4c057b09a8084cd

SHA256
46082cc7908e6bdee38f6bbae2d7578c303eb233b32fea098ad8f0e4bf4af427

SHA512
c4b1caa2c49c76cbfddb689451ea0ca59e19eccb0c35a17927461af1468cd3d34f2af17e48f58dd77df86b9f06b932038bf8dbe405dc9f3fccd941f99c8983ae

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
49e134ad755ac9b6105c11dc36de6b73

SHA1
3a884c6a1e8846327a748cbfc9ffbffcf7015634

SHA256
51b228c4acc18fb6245bed606ed806c562e6ebf538fdea135fd92a2cc29f52ee

SHA512
3f2c4072d9644183d83535a90f1e5c59de3b028ef603c23bf03fbeab0cdf1d183af641212dd9a3ccf58a55566cc3df0442621b8db5e2e90ff264270049b4a2de

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
fde7a47b18b4b827187cdbad6d49a2cf

SHA1
ffeb8df65b61d98aae90995ee95f995fd8d5d64e

SHA256
6c8a26f6d31e6f7c22df0a888d74a8f8b2b4770b9d5ca7c13d96cced4341a190

SHA512
07aa42f2c29b50f5479ad4d84e4d9feea9917e845cc3ce7ffce18a7926f69aa8d8ce4131dfbd686ecdd9d19b8052c6ab84eef61d8663a3c9cdab773dee39774a

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
ef03bb5c4df40c3423e4617a91fa7bc5

SHA1
66ffa2cbb11c80cb3a3397555dfb50d8cf55dade

SHA256
d131a036512342fac0919c2962c41b6501acda35992b0a2aa116c8227430634e

SHA512
5e40fea7ab56e19f89ab673065ac3927eea3005fed4cba0563274707df025c802f28637f05bf2a5c7b97c2e7cf8769ca7f095ac4a694edd6629595bb194df959

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
3b0b90c1575d4616f32074f83942cbb2

SHA1
87fcd3c4816faa6e88f5c22e96a12763542c7f24

SHA256
7aeed01cc017e6e129ff98dd3663fdaa77389d46474dc4cba5cafacf732ce8e0

SHA512
adde11c47cc0f99ae6ceaea307209ac5388b1dfffeed46a9b94c47e5fa387f2021f6db98d9d5bbacb845be2c6e3d303c7bc8d8f17d6c96bd6eff5e9f7555ac94

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
e9173f3c459d625934fe2b03a41cb707

SHA1
a9c702e0b72fb1e57c841b492cc37b2e2e63b033

SHA256
1f353d72ed77638dadeb43295badffd7e4d915705b451b219d2af89187487f43

SHA512
5e73eeceb33aeb9fa6b1c998a4536a6acd047fe24f3b99545f395e3c1040c08e9ef958dcbac65a4fd88946df5513380341cabfd595455b432180633a57bc3d83

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.2MB

MD5
6759a973edcb3dcc5ba1c474824b2168

SHA1
b8ea2f46617b58b968fc86cc4e0bdec7327073cb

SHA256
7a55345a35207e34a7d02ef624073651be1ff8926965a6313ea8948e46219a1b

SHA512
c45bc254a4253b56020af4494538f249f22367fe6540a9d163765deae24e8afa604c40615836bb4ae767c1baa2bdace199e789f2f7b71d1e9db0b48cec56a640

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
3407bb3291b295b7f19115f1a539bed4

SHA1
151a45d35edecfa896661c601c474c280440724c

SHA256
cbaa52b84c54e93028931b5add0ac21c7c9c3f06c35191211b226069c9952995

SHA512
398b762250473ca2e45d12cd74d95967a2ba73d1e132c624a3f5b47d5d18166e0078b9b56c9727a0dde746a9a7a5017b0ca1b857f1847ff5290873834a50583d

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
8d45334c9779b9b1d03c7de9849b76e9

SHA1
6e49f346db448b239a2d4204724dc0b3c4a90adf

SHA256
41ffdeba5e0036945fc4b05e9b11f175304a72b82ba31b55d6205d5f11fa8929

SHA512
72b0e85dce0a3e00b0fe06d5474c97c2f6677ca0893201fa81f93fba6ef937ec14061f33a838bad121ce0fbb45a018db1e36225bcc2f7de9fa149fc71a04fa44

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
1b103ff206073cae9fe21f8511fac1a1

SHA1
9260673e0b1f302e6d007287f8db0357ce1633bc

SHA256
9d0382c967d0a531fb4419e0147a1a0ef93127f50a12dbd3b6de71e880e7785c

SHA512
3d53ec52003956ea5a8af2ce4200fa305e7a926cff5e1dd9b227e3ec19d518686c26b0425a99cde3d1d3e8066c4f09d9c67224195ed5b43fe1b6a5b448c3a4e6

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.3MB

MD5
4a47bb03037d2806ab42c04d79efdc2f

SHA1
c35800a255272f7ede1a30b7e8c3249ca546fae2

SHA256
68ee5ab4878a94e4dfcf17b30ae9f5f906e178e85df95dcb9c0c2d45cbc4ddbf

SHA512
ba84694dfcf6c5f648dc1dee5150bbb0746d2473ed040b3e89a8d5f1b5a2127ad1a1db4c98ac9ad478c7169e5e09a33f46044e786d43ab895b28d41287e84d2a

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
70d5da9b3e9bf59a0a7e436df944dd13

SHA1
0ff888bf89f43c0215547801b80c370021a24649

SHA256
a5b489069f4ecf2cabbcb3005eaeb5e24cfb7b0e7dae7cfc90c4170488e5023c

SHA512
bfb89948f42f41e3626b06ab70c24497ae195681302d9cdb60eade3df50d726518b1c69b554288f651d3ee157f47c74db42fd1463f36208a31f4d95ed24e7615

Download Submit
memory/780-627-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/780-360-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/852-67-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/852-74-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/852-75-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/1020-632-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1020-410-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1104-6-0x00000000023B0000-0x0000000002416000-memory.dmp

Filesize
408KB

Download
memory/1104-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/1104-27-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/1104-1-0x00000000023B0000-0x0000000002416000-memory.dmp

Filesize
408KB

Download
memory/1836-623-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/1836-348-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2068-65-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/2068-52-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2068-58-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2068-63-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2068-60-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/2184-539-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/2184-331-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/2240-49-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2240-41-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2240-47-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2240-235-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2292-422-0x0000000140000000-0x000000014015D000-memory.dmp

Filesize
1.4MB

Download
memory/2292-633-0x0000000140000000-0x000000014015D000-memory.dmp

Filesize
1.4MB

Download
memory/2532-631-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2532-398-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2816-251-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2816-253-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/2816-265-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3012-241-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/3012-240-0x0000000140000000-0x0000000140140000-memory.dmp

Filesize
1.2MB

Download
memory/3012-247-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/3012-359-0x0000000140000000-0x0000000140140000-memory.dmp

Filesize
1.2MB

Download
memory/3064-278-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/3064-397-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/3396-385-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/3396-266-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/3476-630-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3476-386-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3532-620-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3532-336-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3580-383-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3580-371-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3772-31-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/3772-232-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/3772-30-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/3772-37-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/4128-297-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4128-409-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4152-302-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/4152-421-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/4512-635-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4512-443-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4780-442-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4780-522-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4780-313-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4792-231-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download
memory/4792-12-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4792-18-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4792-11-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download